version 1.34, 2015/05/23 21:02:39
|
version 1.40, 2020/02/17 23:04:18
|
Line 37 use Apache::lonhtmlcommon();
|
Line 37 use Apache::lonhtmlcommon();
|
use Apache::lonsequence(); |
use Apache::lonsequence(); |
use Apache::Constants qw(:common :http); |
use Apache::Constants qw(:common :http); |
use Apache::lonmeta; |
use Apache::lonmeta; |
|
use Apache::lonenc(); |
use Apache::File; |
use Apache::File; |
use Apache::lonlocal; |
use Apache::lonlocal; |
use HTML::Entities; |
use HTML::Entities; |
Line 44 use LONCAPA qw(:DEFAULT :match);
|
Line 45 use LONCAPA qw(:DEFAULT :match);
|
|
|
sub make_link { |
sub make_link { |
my ($filename, $listname) = @_; |
my ($filename, $listname) = @_; |
my $sourcelink = "/adm/source?inhibitmenu=yes&filename=".$filename."&listname=".$listname; |
my $sourcelink = '/adm/source?inhibitmenu=yes&filename='. |
|
&escape(&escape($filename)).'&listname='. |
|
&escape(&escape($listname)); |
return $sourcelink; |
return $sourcelink; |
} |
} |
|
|
Line 88 sub copy_author {
|
Line 90 sub copy_author {
|
sub copy_stage { |
sub copy_stage { |
my ($r, $filename, $listname, $newpath) = @_; |
my ($r, $filename, $listname, $newpath) = @_; |
|
|
#Figure out if we are author or co-author |
my ($path_to_new_file,$uname,$udom) = &get_path_to_newfile($r,$newpath,$listname); |
my ($role,$author_name,$domain)=©_author(); |
|
|
|
# Construct path to copy and filter out any possibly nasty stuff |
|
my $path_to_new_file = $r->dir_config('lonDocRoot'). |
|
"/priv/$domain/$author_name/$newpath/$listname"; |
|
$path_to_new_file=~s/\.\.//g; |
|
$path_to_new_file=~s/\~//g; |
|
$path_to_new_file=~s/\/+/\//g; |
|
|
|
#Just checking again for access as we want to make sure that it is really ok now that we have the real path |
|
|
|
my ($uname,$udom)= &Apache::lonnet::constructaccess($path_to_new_file); |
|
|
|
if (!$uname || !$udom) { |
|
$r->print(&Apache::loncommon::start_page('Not Allowed',undef,{'only_body' => 1})); |
|
$r->print(&mt('Not allowed to create file [_1]', $path_to_new_file)); |
|
$r->print(&Apache::loncommon::end_page()); |
|
return; |
|
} |
|
|
|
#allowed |
#allowed |
$r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1})); |
if ($path_to_new_file) { |
my $result = &Apache::loncfile::exists($uname, $udom, $path_to_new_file); |
$r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1})); |
$r->print($result); |
my $result = &Apache::loncfile::exists($uname, $udom, $path_to_new_file); |
if(($result) && ($result =~ m|published|) ) { |
$r->print($result); |
&delete_copy_file($r, $newpath, $filename, $path_to_new_file, '1'); |
if (($result) && ($result =~ /published/)) { |
} elsif(($result) && ($result =~ m|exists!|)) { |
&delete_copy_file($r, $newpath, $filename, $path_to_new_file, '1'); |
&confirm($r, $newpath, $filename, $path_to_new_file); |
} elsif (($result) && ($result =~ /exists\!/)) { |
} else { |
&confirm($r, $newpath, $filename, $listname); |
©_file($r, $newpath, $filename, $path_to_new_file); |
} else { |
|
©_file($r, $newpath, $filename, $path_to_new_file); |
|
} |
|
$r->print(&Apache::loncommon::end_page()); |
} |
} |
|
|
$r->print(&Apache::loncommon::end_page()); |
|
return; |
return; |
} |
} |
|
|
sub confirm { |
sub confirm { |
my ($r, $newpath, $filename, $path_to_new_file) = @_; |
my ($r, $newpath, $filename, $listname) = @_; |
$r->print('<b>'.&mt('Press delete to remove file and replace it with a copy of the source you are viewing.').'</b><br /><br />'); |
$r->print('<b>'.&mt('Press delete to remove file and replace it with a copy of the source you are viewing.').'</b><br /><br />'); |
$r->print('<form name="delete_confirm" action="/adm/source" target="_parent" method="post"> |
$r->print('<form name="delete_confirm" action="/adm/source" target="_parent" method="post"> |
<input type="hidden" name="filename" value="'.$filename.'" /> |
<input type="hidden" name="filename" value="'.$filename.'" /> |
<input type="hidden" name="path" value="'.$path_to_new_file.'" /> |
<input type="hidden" name="listname" value="'.$listname.'" /> |
<input type="hidden" name="newpath" value="'.$newpath.'" /> |
<input type="hidden" name="newpath" value="'.$newpath.'" /> |
<input type="hidden" name="action" value="delete_confirm" /> |
<input type="hidden" name="action" value="delete_confirm" /> |
|
|
<input type="submit" value="Delete" /> |
<input type="submit" value="Delete" /> |
</form>'); |
</form>'); |
return; |
return; |
Line 141 sub confirm {
|
Line 124 sub confirm {
|
|
|
sub delete_copy_file { |
sub delete_copy_file { |
my ($r, $newpath, $filename, $path_to_new_file, $type) = @_; |
my ($r, $newpath, $filename, $path_to_new_file, $type) = @_; |
if($type eq '1') { |
if ($type eq '1') { |
$r->print('<p><span class="LC_warning">' |
$r->print('<p><span class="LC_warning">' |
.&mt('Cannot delete non-obsolete published file.') |
.&mt('Cannot delete non-obsolete published file.') |
.'</span><br />' |
.'</span><br />' |
Line 151 sub delete_copy_file {
|
Line 134 sub delete_copy_file {
|
.'<input type="button" value="'.&mt('Close Window').'" name="close"' |
.'<input type="button" value="'.&mt('Close Window').'" name="close"' |
.' onclick="window.close()" />' |
.' onclick="window.close()" />' |
.'</form></p>'); |
.'</form></p>'); |
|
return; |
} else { |
} else { |
$r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1})); |
$r->print(&Apache::loncommon::start_page('Copying Source',undef,{'only_body' => 1})); |
if(-e $path_to_new_file) { |
if (-e $path_to_new_file) { |
unless(unlink($path_to_new_file)) { |
unless (unlink($path_to_new_file)) { |
$r->print('<p class="LC_error"">'.&mt('Error:').' '.$!.'</p>'); |
$r->print('<p class="LC_error"">'.&mt('Error:').' '.$!.'</p>'); |
return 0; |
return 0; |
} |
} |
Line 164 sub delete_copy_file {
|
Line 148 sub delete_copy_file {
|
} |
} |
©_file($r, $newpath, $filename, $path_to_new_file); |
©_file($r, $newpath, $filename, $path_to_new_file); |
$r->print(&Apache::loncommon::end_page()); |
$r->print(&Apache::loncommon::end_page()); |
|
return; |
} |
} |
return; |
|
} |
} |
|
|
sub copy_file { |
sub copy_file { |
Line 213 sub copy_file {
|
Line 197 sub copy_file {
|
} |
} |
|
|
sub print_item { |
sub print_item { |
my ($r,$filename,$listname) = @_; |
my ($r,$filename,$listname,$context) = @_; |
my $file_output = |
my $file_output; |
&includemeta(&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename), |
if ($context eq 'view') { |
$filename); |
$file_output = |
|
&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename); |
|
} else { |
|
$file_output = |
|
&includemeta(&Apache::lonnet::getfile($Apache::lonnet::perlvar{'lonDocRoot'}.$filename), |
|
$filename); |
|
} |
$r->print(&Apache::loncommon::start_page('View Source Code',undef, |
$r->print(&Apache::loncommon::start_page('View Source Code',undef, |
{'only_body' => 1})); |
{'only_body' => 1})); |
if ($file_output ne '') { |
if ($file_output ne '') { |
my $access_to_cstr; |
my $access_to_cstr; |
my $lonhost = $r->dir_config('lonHostID'); |
my $lonhost = $r->dir_config('lonHostID'); |
if (&Apache::lonnet::is_library($lonhost)) { |
if ($context eq 'view') { |
|
$r->print('<form name="view" action="" target="_parent" method="post"><span class="LC_info">'. |
|
&mt('Source code is displayed below.'). |
|
'</span>'.(' ' x4).'<input type="button" name="close" onclick="window.close();"'. |
|
' value="'.&mt('Close Window').'" /></form><hr />'); |
|
} elsif (&Apache::lonnet::is_library($lonhost)) { |
my @possdoms = &Apache::lonnet::current_machine_domains(); |
my @possdoms = &Apache::lonnet::current_machine_domains(); |
foreach my $dom (@possdoms) { |
foreach my $dom (@possdoms) { |
if ($env{"user.role.au./$dom/"}) { |
if ($env{"user.role.au./$dom/"}) { |
Line 311 sub includemeta {
|
Line 306 sub includemeta {
|
} |
} |
} |
} |
|
|
|
sub get_path_to_newfile { |
|
my ($r,$newpath,$listname) = @_; |
|
|
|
#Figure out if we are author or co-author |
|
my ($role,$author_name,$domain) = ©_author(); |
|
|
|
# Construct path to copy and filter out any possibly nasty stuff |
|
my $path = $r->dir_config('lonDocRoot')."/priv/$domain/$author_name/"; |
|
my $path_to_new_file = $path."$newpath/$listname"; |
|
$path_to_new_file=~s/\.\.//g; |
|
$path_to_new_file=~s/\~//g; |
|
$path_to_new_file=~s/\/+/\//g; |
|
|
|
#Just checking again for access as we want to make sure that it is really ok |
|
#now that we have the real path |
|
|
|
my ($uname,$udom)= &Apache::lonnet::constructaccess($path_to_new_file); |
|
|
|
if (!$uname || !$udom) { |
|
$r->print(&Apache::loncommon::start_page('Not Allowed',undef,{'only_body' => 1})); |
|
$r->print(&mt('Not allowed to create file [_1]', $path_to_new_file)); |
|
$r->print(&Apache::loncommon::end_page()); |
|
if (wantarray) { |
|
return(); |
|
} else { |
|
return; |
|
} |
|
} |
|
if (wantarray) { |
|
return ($path_to_new_file,$uname,$udom); |
|
} else { |
|
return $path_to_new_file; |
|
} |
|
} |
|
|
sub handler { |
sub handler { |
my $r=shift; |
my $r=shift; |
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, |
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, |
['filename','listname']); |
['filename','listname','viewonly']); |
my $filename = $env{'form.filename'}; |
my $filename = $env{'form.filename'}; |
|
my $shownfilename = $filename; |
|
$shownfilename =~ s/(`)/'/g; |
|
$shownfilename =~ s/\$/\(\$\)/g; |
my $listname = $env{'form.listname'}; |
my $listname = $env{'form.listname'}; |
my $source = &Apache::lonnet::metadata($filename,'sourceavail'); |
my $viewonly = $env{'form.viewonly'}; |
if ($source ne 'open') { |
|
$env{'user.error.msg'}="$filename:cre:1:1:Source code not available"; |
if ($viewonly) { |
|
my $canview; |
|
if ((&Apache::lonnet::metadata($filename,'sourceavail') eq 'open') && |
|
(&Apache::lonnet::allowed('cre','/'))) { |
|
$canview = 1; |
|
} elsif (($env{'request.course.id'}) && (&Apache::lonnet::is_on_map($filename))) { |
|
my $crs_sec = $env{'request.course.id'} . (($env{'request.course.sec'} ne '') |
|
? "/$env{'request.course.sec'}" |
|
: ''); |
|
if (&Apache::lonnet::allowed('vxc',$crs_sec)) { |
|
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; |
|
&Apache::lonenc::check_decrypt(\$filename); |
|
if (($env{'request.role.domain'} eq $cdom) && ($filename =~ /$LONCAPA::assess_re/)) { |
|
my ($auname) = ($filename =~ m{^\Q/res/$cdom/\E($match_username)/}); |
|
if (($auname ne '') && ($env{'request.course.adhocsrcaccess'} ne '') && |
|
(grep(/^\Q$auname\E$/,split(/,/,$env{'request.course.adhocsrcaccess'})))) { |
|
$canview = 1; |
|
} elsif ((&Apache::lonnet::metadata($filename,'sourceavail') eq 'open') && |
|
($filename =~ m{^\Q/res/$cdom/}) && |
|
(&Apache::lonnet::allowed('bre',$crs_sec))) { |
|
$canview = 1; |
|
} |
|
} |
|
} |
|
} |
|
unless ($canview) { |
|
$env{'user.error.msg'}="$shownfilename:cre:1:1:Source code not available"; |
|
return HTTP_NOT_ACCEPTABLE; |
|
} |
|
} elsif (&Apache::lonnet::metadata($filename,'sourceavail') ne 'open') { |
|
$env{'user.error.msg'}="$shownfilename:cre:1:1:Source code not available"; |
return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
} |
} |
unless (&Apache::lonnet::allowed('bre',$filename)) { |
unless (&Apache::lonnet::allowed('bre',$filename)) { |
$env{'user.error.msg'}="$filename:bre:1:1:Access to resource denied"; |
$env{'user.error.msg'}="$shownfilename:bre:1:1:Access to resource denied"; |
return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
} |
} |
unless (&Apache::lonnet::allowed('cre','/')) { |
unless (($viewonly) || (&Apache::lonnet::allowed('cre','/'))) { |
$env{'user.error.msg'}="$filename:cre:1:1:Access to source code denied"; |
$env{'user.error.msg'}="$shownfilename:cre:1:1:Access to source code denied"; |
return HTTP_NOT_ACCEPTABLE; |
return HTTP_NOT_ACCEPTABLE; |
} |
} |
|
my $newpath = $env{'form.newpath'}; |
|
|
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
$r->send_http_header; |
$r->send_http_header; |
|
|
if ($env{'form.action'} eq 'stage2') { |
if ($viewonly) { |
|
&print_item($r,$filename,$listname,'view'); |
|
} elsif ($env{'form.action'} eq 'stage2') { |
&stage_2($r,$filename,$listname); |
&stage_2($r,$filename,$listname); |
} elsif($env{'form.action'} eq 'copy_stage') { |
} elsif($env{'form.action'} eq 'copy_stage') { |
©_stage($r,$filename,$listname,$env{'form.newpath'}); |
©_stage($r,$filename,$listname,$newpath); |
} elsif($env{'form.action'} eq 'delete_confirm') { |
} elsif($env{'form.action'} eq 'delete_confirm') { |
&delete_copy_file($r,$env{'form.newpath'},$filename, $env{'form.path'}, '0'); |
my $path_to_new_file = &get_path_to_newfile($r,$newpath,$listname); |
|
if ($path_to_new_file) { |
|
&delete_copy_file($r, $newpath, $filename, $path_to_new_file, '0'); |
|
} |
} else { |
} else { |
&print_item($r,$filename,$listname); |
&print_item($r,$filename,$listname); |
} |
} |